Tag: email
-
Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL
A newly disclosed vulnerability in the Exim mail transfer agent (CVE-2025-26794) has sent shockwaves through the cybersecurity community, revealing a critical SQL injection flaw that enables attackers to compromise email systems and manipulate underlying databases. The vulnerability, confirmed in Exim Version 4.98 installations using SQLite for hints databases, represents one of the most severe email…
-
Security Affairs newsletter Round 512 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever Apple removes iCloud encryption in…
-
Beware: PayPal “New Address” feature abused to send phishing emails
An ongoing PayPal email scam exploits the platform’s address settings to send fake purchase notifications, tricking users into granting remote access to scammers First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
-
FBI and CISA warn about continuing attacks by Chinese ransomware group Ghost
Attacks are more focused on encryption than exfiltration: The Ghost attackers have sometimes exfiltrated data back to their Cobalt Strike Team servers or to the Mega.nz file-sharing service, but this has been rare and the amount of information stolen has been limited.According to FBI investigations, the group doesn’t regularly exfiltrate intellectual property or personally identifiable…
-
How malicious AI powers the latest surge of advanced email threats
First seen on scworld.com Jump to article: www.scworld.com/perspective/how-malicious-ai-powers-the-latest-surge-of-advanced-email-threats
-
Nagios XI Flaw Exposes User Details and Emails to Unauthenticated Attackers<<
Tags: attack, credentials, cve, cyber, email, flaw, monitoring, network, phishing, risk, vulnerabilityA security vulnerability in Nagios XI 2024R1.2.2, tracked as CVE-2024-54961, has been disclosed, allowing unauthenticated attackers to retrieve sensitive user information, including usernames and email addresses, from the network monitoring platform. This high-severity flaw (CVSSv3 score: 6.5) exposes organizations to heightened risks of phishing campaigns, credential-stuffing attacks, and lateral movement within compromised networks. Technical Breakdown…
-
Firing of 130 CISA staff worries cybersecurity industry
Cybersecurity concerns: Alexander Garcia-Tobar, CEO of email authentication provider Valimail, said the new administration’s actions are causing significant concern among security professionals. “Many of us are advocating for cybersecurity to be seen as the bi-partisan effort it should be,” he said via emai, but “the Trump administration has taken a sledgehammer to cancelling or disbanding…
-
The 20 Coolest Web, Email and Application Security Companies Of 2025: The Security 100
From vendors offering code security tools to those protecting inboxes and websites against attacks, here’s a look at 20 key companies in web, email and application security. First seen on crn.com Jump to article: www.crn.com/news/security/2025/the-20-coolest-web-email-and-application-security-companies-of-2025-the-security-100
-
Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint Zoom Docs
The cyber security firm reported in its latest annual report that their researchers found more than 30.4 million phishing emails last year. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/darktrace-threat-report/
-
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.”Typically delivered through phishing emails containing malicious…
-
Snake Keylogger Variant Hits Windows, Steals Data via Telegram Bots
The New Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it… First seen on hackread.com Jump to article: hackread.com/snake-keylogger-variant-windows-data-telegram-bots/
-
Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers
Tags: breach, credentials, cyber, cybersecurity, data, data-breach, email, finance, identity, password, phone, service, theftA cybersecurity incident at Zacks Investment Research has exposed sensitive data belonging to 12 million users, marking the second major breach for the financial services firm since 2022. The compromised information includes email addresses, phone numbers, names, IP addresses, physical addresses, and weakly protected password hashes, raising concerns about identity theft and credential-stuffing attacks. Breach…
-
Password managers under increasing threat as infostealers triple and adapt
Tags: access, attack, authentication, automation, breach, ceo, cloud, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, defense, email, encryption, exploit, finance, hacker, identity, intelligence, least-privilege, login, malicious, malware, mfa, password, phishing, ransomware, risk, service, switch, tactics, theft, threat, tool, vulnerability, zero-trustMalware-as-a-service infostealers: For example, RedLine Stealer is specifically designed to target and steal sensitive information, including credentials stored in web browsers and other applications. It is often distributed through phishing emails or by tricking prospective marks into visiting booby-trapped websites laced with malicious downloaders.Another threat comes from Lumma stealer, offered for sale as a malware-as-a-service,…
-
Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit
Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations. The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector, demonstrating attackers’ increasing sophistication in bypassing traditional email security filters. Campaign Mechanics and Delivery Vector…
-
New family of data-stealing malware leverages Microsoft Outlook
certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
Why is DMARC Important? [2025 Updated]
Learn why DMARC is important for blocking phishing, securing your domain, and ensuring email deliverability in 2025. Stay compliant and protected. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/why-is-dmarc-important-2025-updated/
-
DMARC vs DKIM: Key Differences How They Work Together
DMARC Vs DKIM: key differences between DMARC and DKIM, how they work together, and why combining both is essential for email security and deliverability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/dmarc-vs-dkim-key-differences-how-they-work-together/
-
Privacy Roundup: Week 7 of Year 2025
Tags: access, antivirus, api, apple, attack, breach, business, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, law, leak, malware, microsoft, military, network, password, phishing, privacy, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, windows, zero-dayThis is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 – 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
âš¡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.âš¡ Threat of the WeekRussian Threat Actors Leverage Device Code…
-
New FinalDraft malware abuses Outlook mail service for stealthy comms
A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-finaldraft-malware-abuses-outlook-mail-service-for-stealthy-comms/
-
Security Affairs newsletter Round 511 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog…
-
Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability(The following interview has been edited for clarity and length.)At first glance, LA County’s reporting structure who reports to whom seems, well, fairly complex.We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline. The post Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/virginia-attorney-generals-office-struck-by-cyberattack-targeting-attorneys-computer-systems/
-
Doxbin Data Breach: Hackers Leak 136K User Records and Blacklist File
Doxbin Data Breach: Hackers leak 136,000+ user records, emails, and a ‘blacklist’ file, exposing those who paid to… First seen on hackread.com Jump to article: hackread.com/doxbin-data-breach-hackers-leak-user-records-blacklist-file/
-
What security teams need to know about the coming demise of old Microsoft servers
Tags: attack, authentication, best-practice, cloud, data, email, guide, infrastructure, mail, microsoft, software, switch, technology, updateManaging an on-premises Exchange server is getting more difficult: Users will have to decide between now and October whether to continue with on-premises mail servers or consider alternatives. The expertise to patch and maintain an on-premises Exchange server is getting tougher all the time. We’ve seen Microsoft introduce bugs into their software causing Exchange administrators…
-
Google fixes flaw that could unmask YouTube users’ email addresses
Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-flaw-that-could-unmask-youtube-users-email-addresses/
-
OmniGPT AI Chatbot Alleged Breach: Hacker Leaks User Data, 34M Messages
Hacker claims to have breached OmniGPT, leaking over 30,000 user email address, phone numbers, and 34 million lines of chat messages. Data includes API keys, credentials, and file links. First seen on hackread.com Jump to article: hackread.com/omnigpt-ai-chatbot-breach-hacker-leak-user-data-messages/
-
Massive Facebook Phishing Attack Targets Hundreds of Companies for Credential Theft
A newly discovered phishing campaign targeting Facebook users has been identified by researchers at Check Point Software Technologies. The attack, which began in late December 2024, has already reached over 12,279 email addresses and impacted hundreds of companies globally. The campaign exploits Facebook’s massive user base recognized as the most popular social network worldwide and…